The stolen data dump consists of about 63GB of data, which includes usernames, email addresses, Twitter handles, number of followers, and account creation dates. However, the released data does not contain telephone numbers. Well-known names and entities in the leak include Google CEO Sundar Pichai, the social media accounts of the WHO, Donald Trump Jr., SpaceX, CBS Media, and the National Basketball Association (NBA), among others.

Researchers at Privacy Affairs confirmed that this new leak appears to come from the same data breach that took place in late December, when the data of 400 million users was put up for sale on the Dark Web for $200,000. Back then, the hacker behind the December breach had demanded a ransom of $200,000 from Twitter to delete the stolen data of 400 million users. The hacker had also warned that the data would be released for free if the demand was not met. This time around, however, the trove of information on 200 million Twitter users is a comprehensive database of the earlier leak, produced by eliminating duplicate data from the cache put up for sale last month.

Although the leaked data doesn’t include passwords, the researchers warn that “the availability of the email addresses associated with the listed accounts could be used to determine the real-life identity or location of the affected account holders through social engineering attacks. The email addresses could also be used for spam or scam marketing campaigns and for sending personal threats to individual users.” The researchers also warned that the leaked data sets could be used by any threat actor to hack into accounts, target crypto accounts, and doxx user accounts that didn’t use a dedicated email for Twitter.

“The database contains 235,000,000 unique records of Twitter users and their email addresses and will, unfortunately, lead to a lot of hacking, targeted phishing, and doxxing. This is one of the most significant leaks ever,” Alon Gal, the co-founder of the Israeli security company Hudson Rock, said in a tweet. “It goes without saying that agencies around the world will use this database as well to further harm our privacy,” he said.

The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing, and doxxing. This is one of the most significant leaks ever. pic.twitter.com/kxRY605qMZ — Hudson Rock (@RockHudsonRock) January 4, 2023  

Leaked Data Belongs To A One-Year-Old Breach

Since July 22nd, 2022, hackers and data breach collectors have been selling and distributing huge data sets of scraped Twitter user accounts, containing both private information (phone numbers and email addresses) and publicly available information, on many online hacker forums and black markets for cybercrime. These data sets were created in 2021 using a “data scraping technique” that exploited an application programming interface (API) vulnerability, which allowed users to enter email addresses and phone numbers to find any account corresponding to that information on Twitter. The threat actors then used another API to scrape the public Twitter data for the ID and combined it with the private email addresses and phone numbers to create profiles of Twitter users.

In January 2022, Twitter fixed the bug upon discovery via its HackerOne bug bounty program. Although the microblogging site patched this vulnerability in January 2022, multiple threat actors have recently started to distribute the data sets they collected over a year ago, often for free or for a relatively low price.

According to BleepingComputer, this new cache of data covering more than 200 million users is not free and costs eight credits of the Breached forum’s currency, which is approximately $2. Apparently, a user needs to purchase ‘credits’ to download leaks posted on this forum by users. Twitter has not yet commented on the matter.